'Rogers AT&T Billing Vulnerability; Part II'
Written by: The Clone
Date: Monday, August 6, 2001
As mentioned in: The Edmonton Journal (08/05/01)
"Rogers cellphone network crippled
by mystery glitch"
-=[The Glitch]
-=[Glitch Details]
-=[Conclusion]
-=[References]
-=[Contact]
-
The Glitch:
What has been said as this nations largest cellular service interruption
ever; up to 2.6 million Rogers AT&T wireless customers throughout Canada
lost communication on Saturday evening. Customers reportedly were able to
make calls, yet they were unable to receive them. This problem apparently
started at 1:30pm and was fixed by Rogers staff later on that evening at
around 11:00pm.
-
Glitch Details:
One thing that we noticed last night, was that we were not getting billed
for any local or long distance outbound calls that we made. This is quite
similar to another billing vulnerability that we discovered about 9 months
ago; basically if you were a Rogers AT&T Pay-As-You-Go subscriber
and you wanted to make yourself a free local or long distance call, all you
would have to do is enter the phone number you wished to call and wait for
it to dial. If you did not hear the automated voice telling you how much
time you had left on your account, you didn't get time taken off - if you
heard the voice, you did. What caused this problem was simple; if too many
calls were incoming to to Rogers' HLR (Home Location Register) system which
screens the subscribers ESN, MIN, phone number, and number dialed, your call
would divert and directly connect you to your called party for free. This problem
was recently fixed when Rogers AT&T upgraded their faulty billing system.
However, last night just showed us something: that Rogers AT&T's supposed new
"billing system" has larger software problems than before with their lack-of-ability
to handle a high volume of incoming calls.
Spokesperson for Rogers AT&T, Heather Armstrong, told The Edmonton Journal:
"this kind of an issue is very, very rare. This is receiving our utmost priority and
attention." This claim, of course, is completely untrue.
-
Conclusion:
Do you think it's about time that the cellular carriers start investing in
and taking the first steps into adopting and developing open-source based
billing module? This would help to stop the revenue-loss caused by simple
proprietary programming errors, and open up a new industry for telecom
security professionals ("phreaks").
-
References:
"Rogers/AT&T Pay-As-You-Go Billing Vulnerability"
http://www.nettwerked.net/rogersatt_exploit.txt
Edmonton Journal: "Rogers cellphone network crippled by mystery glitch"
Sunday, August 5, 2001 - [A1] / (continued on) [A12]
-
Contact:
E-mail: [email protected]
URL: www.nettwerked.net